tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Submission: On June 17 via automatic, source openphish (June 17th 2020, 1:28:20 am UTC)

Summary HTTP 104 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 23 domains to perform 104 HTTP transactions. The main IP is 66.113.180.84, located in Chicago, United States and belongs to NETNATION, CA. The main domain is tw-ec.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 1st 2020. Valid for: 3 months.

This is the only time tw-ec.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	66.113.180.84 66.113.180.84	14280 (NETNATION) (NETNATION)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2	151.101.113.175 151.101.113.175	54113 (FASTLY) (FASTLY)
3	13.226.154.106 13.226.154.106	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.226.145.171 13.226.145.171	16509 (AMAZON-02) (AMAZON-02)
1	104.111.247.111 104.111.247.111	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.245.241 104.111.245.241	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
17	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
16	92.123.176.136 92.123.176.136	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
1 4	108.128.143.12 108.128.143.12	16509 (AMAZON-02) (AMAZON-02)
2 13	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	63.32.201.208 63.32.201.208	16509 (AMAZON-02) (AMAZON-02)
1	15.236.175.233 15.236.175.233	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	185.31.128.129 185.31.128.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 4	2a00:1450:400... 2a00:1450:4001:81e::2013	15169 (GOOGLE) (GOOGLE)
2 2	52.28.175.104 52.28.175.104	16509 (AMAZON-02) (AMAZON-02)
1	35.241.8.149 35.241.8.149	15169 (GOOGLE) (GOOGLE)
1 2	172.217.18.6 172.217.18.6	15169 (GOOGLE) (GOOGLE)
2	23.43.114.84 23.43.114.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 10	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	52.48.230.192 52.48.230.192	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
104	29

2 66.113.180.84 (Chicago, United States)

ASN14280 (NETNATION, CA)
PTR: server.loginmktdigital.com

tw-ec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.226.154.106 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-154-106.dus51.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.145.171 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-145-171.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.247.111 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-247-111.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.241 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-241.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 92.123.176.136 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-176-136.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.128.143.12 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-143-12.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (Netherlands)

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.201.208 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-201-208.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.31.128.129 (Netherlands)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81e::2013 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.175.104 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-175-104.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.8.149 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 149.8.241.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.6 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f6.1e100.net

6269322.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.43.114.84 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-114-84.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.230.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	citi.com online.citi.com metrics1.citi.com	363 KB
17	ensighten.com nexus.ensighten.com	174 KB
14	google.com 2 redirects cse.google.com www.google.com	102 KB
12	doubleclick.net 3 redirects 6269322.fls.doubleclick.net googleads.g.doubleclick.net	12 KB
10	google.de www.google.de	1 KB
8	googletagmanager.com www.googletagmanager.com	260 KB
7	pbbl.co 2 redirects cdn.pbbl.co px0.pbbl.co	10 KB
5	demdex.net 1 redirects dpm.demdex.net citi.demdex.net	4 KB
3	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	11 KB
2	bluekai.com stags.bluekai.com
2	agkn.com 2 redirects aa.agkn.com	804 B
2	rfihub.com a.rfihub.com 20766699p.rfihub.com	685 B
2	medallia.com resources.digital-cloud-citi.medallia.com	58 KB
2	ytimg.com s.ytimg.com	50 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	2 KB
2	bing.com bat.bing.com	8 KB
2	tw-ec.com tw-ec.com	9 KB
1	rlcdn.com sr.rlcdn.com
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	youtube.com www.youtube.com	920 B
1	bkrtx.com tags.bkrtx.com	11 KB
1	rfihub.net c1.rfihub.net	7 KB
1	googleadservices.com www.googleadservices.com	11 KB
104	23

	Domain	Requested by
17	nexus.ensighten.com	tw-ec.com nexus.ensighten.com
16	online.citi.com	tw-ec.com
13	www.google.com	2 redirects cse.google.com
10	www.google.de
10	googleads.g.doubleclick.net	2 redirects www.googleadservices.com
8	www.googletagmanager.com	tw-ec.com
4	px0.pbbl.co	2 redirects tw-ec.com
4	dpm.demdex.net	1 redirects tw-ec.com nexus.ensighten.com
3	cdn.pbbl.co	tw-ec.com cdn.pbbl.co
2	stags.bluekai.com	tags.bkrtx.com
2	6269322.fls.doubleclick.net	1 redirects nexus.ensighten.com
2	aa.agkn.com	2 redirects
2	resources.digital-cloud-citi.medallia.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	s.ytimg.com	tw-ec.com www.youtube.com
2	bat.bing.com	tw-ec.com
2	nebula-cdn.kampyle.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	tw-ec.com	tw-ec.com
1	udc-neb.kampyle.com
1	insight.adsrvr.org	js.adsrvr.org
1	sr.rlcdn.com	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	a.rfihub.com	c1.rfihub.net
1	cse.google.com	tw-ec.com
1	www.youtube.com	tw-ec.com
1	tags.bkrtx.com	tw-ec.com
1	c1.rfihub.net	tw-ec.com
1	js.adsrvr.org	tw-ec.com
1	www.googleadservices.com	tw-ec.com
104	31

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citi.com
www.citicards.com

Subject Issuer	Validity	Valid
tw-ec.com cPanel, Inc. Certification Authority	`2020-06-01` - `2020-08-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-05-18` - `2022-08-21`	2 years	crt.sh
*.pbbl.co Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2020-04-01` - `2021-07-01`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
www.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-31` - `2020-08-30`	2 years	crt.sh
px0.pbbl.co GTS CA 1D2	`2020-04-30` - `2020-07-29`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-04-14` - `2021-04-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh

This page contains 10 frames:

Primary Page: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Frame ID: 6B6EF930A1CF9E450ECE3662A9E17CE3
Requests: 95 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 69415003D2363DE417DB480C23D628F3
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 12013DD14814689CBC04576C50CA6E8F
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=2159827870997064190&rfiaid=8088f8c672c549b4b4cb46d73d22e4c8&ver=9&ra=1384&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&pf=&ra=6146811043175109
Frame ID: 4C80939DECF1E8BE1DA2B0421229C520
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 0BE3F73AD0BB25514E6FCB780232D30F
Requests: 1 HTTP requests in this frame

Frame: https://6269322.fls.doubleclick.net/activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064
Frame ID: 816F4D248A6E254A21DF90272692E25D
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&phint=__bk_v%3D3.1.5&limit=10&r=85514291
Frame ID: 4437FD39F54672E8F690B690E1726031
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&phint=__bk_v%3D3.1.5&limit=10&r=21235994
Frame ID: 21238D0FB8521DC02BFCE09E7E7C968E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: ECCD4D5ADF29E4AC54FC7B7FB2054B77
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: B3B09ADA7E88700F298A0F5C3B7F6059
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Page Statistics

104
Requests

100 %
HTTPS

29 %
IPv6

23
Domains

31
Subdomains

29
IPs

6
Countries

1090 kB
Transfer

3603 kB
Size

8
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/loginpage/retarget.action?loginscreenId=SignOn&next_page=jfp|dashboard&deepdrop=true&locale=es_US
Title: Español

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/0-percent-intro-apr-credit-cards
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/savings-and-cash-back-credit-cards
Title: Cash Back Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/rewards-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=N&OC=CC-CITI-3D5
Title: See If You're Pre-Qualified

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/business-credit-cards
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193

Request Chain 61

https://cm.everesttech.net/cm/dd?d_uuid=80422220942043567771594240106791034598 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxowAAA6O90lL0

Request Chain 65

https://px0.pbbl.co/ns/__p2.gif?ppid=24d9f551-6eac-4896-ba1d-84c778b59461&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&sessionId=&markerType=seg&rand=xfXiiJXgVNdxt8w7&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c&mt=&bd=

Request Chain 67

https://6269322.fls.doubleclick.net/activityi;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064 HTTP 302
https://6269322.fls.doubleclick.net/activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064

Request Chain 76

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1592357284424&cv=9&fst=1592357284424&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=876329788&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=876329788&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCpU64CMxeAmPZbIx7t4f7k86l87uORJipMx4j3quNfjHp6mwG_BPPtiK0UdnY8YywBVcBSgjbg-yH99qn_-NO3

Request Chain 80

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1592357284426&cv=9&fst=1592357284426&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=3910084509&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=3910084509&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCLKMlIrd5lupP482Uwyf_9pK3DYj5mDbSFz5qr_EKpQaC06HcsxCed0rCiK5Bm_JTwEDxWf9WAwV_YJeNFkV_p

Request Chain 102

https://px0.pbbl.co/ns/__p2.gif?ppid=24d9f551-6eac-4896-ba1d-84c778b59461&chk=true&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&sessionId=&markerType=seg&rand=5qLLRCCr0XUJEF7S&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&iid=24b3e5c4-201f-4b61-9067-1407275900de HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=24b3e5c4-201f-4b61-9067-1407275900de&mt=&bd=

104 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request grp.php Show response
tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/ 35 KB
9 KB 686ms
284ms Document
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash: a523f76ea49078b87f5e1da8e51505d8b8ed37ca76c02c57a49b7208d900b1a7

Request headers

Host: tw-ec.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:28:01 GMT
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 68ms
67ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-28="googleads.g.doubleclick.net:443"; ma=2592000,h3-28=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
server: cafe
etag: 13497728949557021888
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 179ms
58ms Script
application/javascript 151.101.113.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: MISS, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-hhn4064-HHN
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357282.153994,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 0, 461110

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 869ms
410ms Script
application/javascript 13.226.154.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.154.106 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-154-106.dus51.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: DUS51-C1
status: 200
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
cache-control: max-age=1800, public
x-amz-cf-id: ckCqbGV5TzS29gwwNsLAieBXqKmRI2sk3SK7yXWjTSRigbuh2VPIzw==
x-xss-protection: 1
expires: Wed, 17 Jun 2020 01:58:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-677332377&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 41ms
35ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 20ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 21ms
16ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 28ms
23ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33233
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 25 KB
8 KB 35ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 19:59:59 GMT
x-msedge-ref: Ref A: 512B1DAC06494213A5766AF471F20515 Ref B: FRAEDGE1416 Ref C: 2020-06-17T01:28:03Z
status: 200
etag: "804946b8613fd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7791

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 687ms
228ms Script
application/x-javascript 13.226.145.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.145.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-145-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:49:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 32376
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 49e78dae34a1d21beb31b4002f7ce92e.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: qIoH3YmrkfxlSAodlttO_NMmkpmdbhz4m1qcCBayL6k7vDyoGIhrPw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 35ms
30ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33245
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 32ms
27ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

098ec96d97335494e2b165640ea36d1f73a1f98fb259f6bfcd06ba693d7af699

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33217
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 188ms
61ms Script
application/x-javascript 104.111.247.111
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.247.111 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-247-111.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:28:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Apr 2020 14:59:57 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Wed, 17 Jun 2020 02:28:03 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 205ms
61ms Script
application/javascript 104.111.245.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.245.241 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-245-241.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 26 May 2020 20:03:16 GMT
Server: nginx/1.15.8
ETag: W/"5ecd7604-784f"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Wed, 17 Jun 2020 01:28:03 GMT
Connection: keep-alive
Content-Length: 10652
Expires: Wed, 24 Jun 2020 01:28:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33207
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/ 68 KB
25 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/www-widgetapi.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Jun 2020 05:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243811
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25703
x-xss-protection: 0
last-modified: Fri, 12 Jun 2020 21:42:42 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Mon, 22 Jun 2020 05:44:32 GMT

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 57ms
52ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 119cb7baf6c8377b2b2693b16e566a65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 588 B
770 B 57ms
53ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/119cb7baf6c8377b2b2693b16e566a65.js?conditionId0=4824253
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Tue, 22 Oct 2019 16:59:12 GMT
server: nginx
etag: "5daf3560-24c"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 588

GET
H2 200 7a9abd5b52a3e438cec898587d77cfa0.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 58ms
54ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7a9abd5b52a3e438cec898587d77cfa0.js?conditionId0=3013337
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 58ms
54ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 8e65688c37e3cfac5fcf631a6bbebaf5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 58ms
54ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8e65688c37e3cfac5fcf631a6bbebaf5.js?conditionId0=467299
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 6079f51b39f93dfe6843f5f9d6980bc1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 59ms
55ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6079f51b39f93dfe6843f5f9d6980bc1.js?conditionId0=472983
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-afb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 d06a7425889facdccb0c0703252e84f2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 57ms
53ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d06a7425889facdccb0c0703252e84f2.js?conditionId0=486757
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 59ms
55ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 2f8cdd7d5384233c3c08b77d77830f4b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 59ms
55ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/2f8cdd7d5384233c3c08b77d77830f4b.js?conditionId0=4854834
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Wed, 27 May 2020 04:03:42 GMT
server: nginx
etag: W/"5ecde69e-cc8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 452786ced3e658890f8f25121c88ab98.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 59ms
55ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/452786ced3e658890f8f25121c88ab98.js?conditionId0=421908
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 f1c71c10d3e2f87f440821ca1f9e2e65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
863 B 87ms
83ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f1c71c10d3e2f87f440821ca1f9e2e65.js?conditionId0=480881
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-631"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
920 B 32ms
29ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

fea31b925e08f792faec014611a6e2567fd23eb56549e03605d10f5ecc91c948

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 cse.js Show response
cse.google.com/cse/ 10 KB
4 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

7193aaa6c7aba8445518029290502b3e67895255039ea4a36df05ca3faa52308

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3474
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:28:03 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
836 B 252ms
144ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=382814.40512243094&ClientID=1129&PageID=https%3A%2F%2Fonline.citi.com%2FUS%2FJSO%2Floginpage%2Fretarget.action%3Fnext_page%3Ddashboard%26loginscreenId%3DSignOn%26deepdrop%3Dtrue%26intc%3D1~7~51~3~191101~8~LegacyHeader~LoginLink
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 98e511ee757b9f209813cf195f4c7dada491a008da27cc37a19917949734d62f

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:28:01 GMT

GET
H/1.1 404
Not Found tagging.js
tw-ec.com/CBOL/taggingTransformation/ 0
0 1129ms
1127ms Script
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/CBOL/taggingTransformation/tagging.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:28:02 GMT
Content-Encoding: gzip
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: Keep-Alive
Link: <https://tw-ec.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ddl.min.css
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ 624 KB
69 KB 214ms
73ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 69738
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jfpm.autocomplete.off.js Show response
online.citi.com/JFP/js/modules/ 1 KB
834 B 76ms
73ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:03 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 344
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main_branding.css
online.citi.com/GFC/branding/responsivebranding/css/ 273 KB
43 KB 298ms
157ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 05 May 2020 09:06:51 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 43751
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 vendor.js Show response
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ 204 KB
64 KB 322ms
182ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 64910
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 311 KB
102 KB 191ms
84ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:02 GMT
content-encoding: gzip
last-modified: Mon, 15 Jun 2020 15:13:13 GMT
server: nginx
etag: W/"5ee79009-4dbbb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H2 200 homePage.min.css
online.citi.com/loginpage/styles/ 24 KB
5 KB 319ms
178ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/loginpage/styles/homePage.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 5032
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jquery.tmpl.js Show response
online.citi.com/JFP/js/jquery/plugins/ 6 KB
3 KB 342ms
201ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 2905
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 fp.min.js Show response
online.citi.com/JSO/js/ 15 KB
5 KB 82ms
79ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSO/js/fp.min.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:03 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 4322
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 cbol-smartSearch.css
online.citi.com/NCCS/smartSearch/css/ 8 KB
1 KB 321ms
181ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 899
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HowCanWeHelpButton_default.png
online.citi.com/GFC/branding/img/ 3 KB
4 KB 88ms
85ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/HowCanWeHelpButton_default.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Mon, 27 Apr 2020 04:42:01 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 3364
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main.css
online.citi.com/GFC/branding/responsivebranding/css/ 45 KB
7 KB 73ms
73ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Wed, 26 Jun 2019 07:44:47 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 7108
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 rsa.js Show response
online.citi.com/CBOL/sec/debcaract/js/ 36 KB
11 KB 74ms
73ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/debcaract/js/rsa.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 10616
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 TMXProfiling.js Show response
online.citi.com/TMX/ 1 KB
1 KB 73ms
73ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/TMX/TMXProfiling.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:28:02 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 546
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 179ms
59ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mgQTkYdcRiRLQUJcdXLWi1M5ookEcoqM
content-encoding: gzip
etag: "9cae4dcb6a8a9556a0a5839bd5432d0d"
age: 68
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 675
x-amz-id-2: CPoyewQ434+T74yQuvCwazczhaXqYJHBBpyzukqdCqTfzuW270vNR0aC+bNBJ6OYstH5y4Rxmgc=
x-served-by: cache-fra19120-FRA
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357283.725798,VS0,VE0
date: Wed, 17 Jun 2020 01:28:02 GMT
vary: Accept-Encoding
x-amz-request-id: 920BAE20A2000D66
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflF_QJuO/ 67 KB
25 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflF_QJuO/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Jun 2020 05:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330120
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25512
x-xss-protection: 0
last-modified: Sat, 13 Jun 2020 04:07:05 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Sun, 21 Jun 2020 05:46:03 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193

363 B
1 KB

74ms
74ms

XHR
application/json

108.128.143.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.143.12 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-143-12.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8252e3d4ad1c50b9d381f1ef45d1ef1e573ddc245639fa10fcdcf62283db273c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-0c68c733b.edge-irl1.demdex.com 5.73.2.20200611122118 3ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: S6UoMHouQyo=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 297
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tw-ec.com
X-TID: 5KsxkcPuSSs=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357283193
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 92ms
91ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 1040
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Light.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 74 KB
74 KB 214ms
74ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 75483
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
703 B 67ms
67ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=927.6371851418796&ClientID=1129&PageID=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bda53c75c8aad226e448d24a855c7f0d6ab03f9bb5f0dcbe23de28eac2306520

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:28:02 GMT

GET
H2 200 arrow-dropdown-down.svg
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 1 KB
1 KB 203ms
199ms Image
image/svg+xml 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-dropdown-down.svg

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

799b3441638d39c44c00a199ecd3dec31d13b4e4103839b6f321f72ce5c1e7f7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 571
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/svg+xml
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Bold.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 70 KB
71 KB 267ms
158ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:28:03 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 71859
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/57975621473fd078/ 261 KB
87 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 08:17:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 61814
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88534
x-xss-protection: 0
expires: Wed, 16 Jun 2021 08:17:49 GMT

GET
H2 200 default_v2+de.css
www.google.com/cse/static/element/57975621473fd078/ 40 KB
9 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/default_v2+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 08:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 61820
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8905
x-xss-protection: 0
expires: Wed, 16 Jun 2021 08:17:43 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 00:58:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 1803
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:48:00 GMT

GET
H2 200 29c31210f5090c402a7dd5c972af33d8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 98 KB
22 KB 57ms
56ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/29c31210f5090c402a7dd5c972af33d8.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 20:38:54 GMT
server: nginx
etag: W/"5ee3e7de-186d1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 6bf99ef458403d186da9a034d9628c7f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 124 KB
34 KB 61ms
61ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6bf99ef458403d186da9a034d9628c7f.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-1ee5b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 da167c55d765aa5c0bbbeaa450af06e1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 26 KB
6 KB 67ms
66ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:03 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-69f7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
685 B 237ms
62ms Script
application/javascript 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: b1182f544cec197caf3fac8c212bb09e891899acb3a79ac4a016843b9c63bce8

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: public, max-age=33696000
Content-Type: application/javascript
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Expires: Mon, 12 Jul 2021 01:28:03 GMT

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame 6941 0
0 288ms
72ms Document
text/html 63.32.201.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.201.208 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-201-208.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=80422220942043567771594240106791034598
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 11 Jun 2020 14:23:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=80422220942043567771594240106791034598;Path=/;Domain=.demdex.net;Expires=Mon, 14-Dec-2020 01:28:03 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: uqtTRt2wQAQ=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
622 B 192ms
63ms XHR
application/x-javascript 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=73656859608955906662286837777057179461&ts=1592357283554

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

3a2bbed1c8778501b9333e5fd55f47377f21f39033a38d9e6e19b9232f1e5f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Wed, 17 Jun 2020 01:28:03 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6f7565dc8b-ts6ss
vary: Origin
x-c: master-1308.I3d0a82.M0-421
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://tw-ec.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XulxowAAA6O90lL0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=80422220942043567771594240106791034598
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxowAAA6O90lL0

42 B
915 B

71ms
70ms

Image
image/gif

108.128.143.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxowAAA6O90lL0

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.143.12 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-143-12.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-0cd988e09.edge-irl1.demdex.com 5.73.2.20200611122118 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: h+9C9HsGRiY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 17 Jun 2020 01:28:03 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxowAAA6O90lL0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame 1201 0
0 235ms
234ms Document
text/html 13.226.154.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.154.106 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-154-106.dus51.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Wed, 17 Jun 2020 00:42:45 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: HCxCHwiwcp7NWaTpwV3ie6WQR3shxRtjDPT21HAYfXtMRLv1h7dWfw==
age: 2718

GET
H/1.1 200
OK Cookie set ca.html
20766699p.rfihub.com/ Frame 4C80 0
0 251ms
65ms Document
text/html 185.31.128.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?rfiidc=2159827870997064190&rfiaid=8088f8c672c549b4b4cb46d73d22e4c8&ver=9&ra=1384&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&pf=&ra=6146811043175109
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rud=H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bWQ4gWqMTI2NTeyMDYzNQMA1YiqiTQAAAA; ruds=H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bUAAKpRlbwlAAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bUAAKpRlbwlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bWQ4gWqMTI2NTeyMDYzNQMA1YiqiTQAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 12 Jul 2021 01:28:03 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Server: Jetty(9.0.6.v20130930)

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 127ms
73ms XHR
application/json 108.128.143.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=73656859608955906662286837777057179461&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012F74B8D18515E322-6000079F1D99555B&ts=1592357283748

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.143.12 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-143-12.eu-west-1.compute.amazonaws.com

Software

Resource Hash

85d88e53141e598add1bec9028b26983e49ccdabe1c8c62acb4cc3d9a74c42ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v072-06c28006a.edge-irl1.demdex.com 5.73.2.20200611122118 3ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: EFk2g3GiSMA=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 299
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=24d9f551-6eac-4896-ba1d-84c778b59461&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fci...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c&mt=&bd=

42 B
128 B

175ms
175ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c&mt=&bd=

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 2c17a86464c287ab9d1b60f3450d133b
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=901ca6ea-8fa9-4c7a-8caf-5d05542de70c&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 204 425466.html
sr.rlcdn.com/ Frame 0BE3 0
0 229ms
159ms Document
text/plain 35.241.8.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 149.8.241.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

status: 204
date: Wed, 17 Jun 2020 01:28:04 GMT
via: 1.1 google
alt-svc: clear

GET
H2

200

activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064
6269322.fls.doubleclick.net/ Frame 816F
Redirect Chain

https://6269322.fls.doubleclick.net/activityi;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064?
https://6269322.fls.doubleclick.net/activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064?

0
0

77ms
76ms

Document
text/html

172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6269322.fls.doubleclick.net/activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064?

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/119cb7baf6c8377b2b2693b16e566a65.js?conditionId0=4824253

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6269322.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmzDESMBvjok7htBMuKBIWx83PMf2yo3JboJ1A6d02HuZIXu_LqMM73l6T8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Wed, 17 Jun 2020 01:28:04 GMT
expires: Wed, 17 Jun 2020 01:28:04 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Wed, 17 Jun 2020 01:28:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6269322.fls.doubleclick.net/activityi;dc_pre=CLPAtZLZh-oCFd7HuwgdhaANAA;src=6269322;type=bankp0;cat=banka011;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6373571725064?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 generic1592252470076.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 306 KB
57 KB 62ms
62ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: tQ9017fc.zeF_GjfoDMNfMQpRZYcKHNO
content-encoding: gzip
etag: "1b861237647271927f8de45ff11c3a2a"
age: 66
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 58385
x-amz-id-2: 5bJPS3t0+mwAvk1KXKp25BTxiCXlNzhA4LdD+EzbV8V/SEyZz4BYouJ2WbLnYaRoyWH4QT/jdbw=
x-served-by: cache-fra19120-FRA
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357284.436628,VS0,VE2
date: Wed, 17 Jun 2020 01:28:04 GMT
vary: Accept-Encoding
x-amz-request-id: 61F0400823E92C59
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 4437 0
0 353ms
219ms Document
text/html 23.43.114.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&phint=__bk_v%3D3.1.5&limit=10&r=85514291
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.43.114.84 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-43-114-84.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: de6d
Date: Wed, 17 Jun 2020 01:28:04 GMT
Connection: keep-alive
X-N: S

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 2123 0
0 353ms
213ms Document
text/html 23.43.114.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&phint=__bk_v%3D3.1.5&limit=10&r=21235994
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.43.114.84 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-43-114-84.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 5a37
Date: Wed, 17 Jun 2020 01:28:04 GMT
Connection: keep-alive
X-N: S

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame ECCD 0
0 235ms
235ms Document
text/html 13.226.154.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.154.106 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-154-106.dus51.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Wed, 17 Jun 2020 00:42:45 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: WAei3ElR4Kc8FB2XrjX2xv_-_g0Kd9gqyR1hqqRiQRrrJofL6ACqYA==
age: 2719

GET
H2 204 0
bat.bing.com/action/ 0
116 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=de1b64a4-d753-1118-b26f-f0c3ff84529b&sid=a2825f3c-d6c1-754a-a545-bb59673e6cae&vid=9dac4349-36bb-ce64-8aef-c9fb392ab0a1-0&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Sign%20On%20to%20view%20your%20account&p=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&r=&lt=3098&evt=pageLoad&msclkid=N&sv=1&rn=721641
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 5D3BE764C164435D812267FD00D6298A Ref B: FRAEDGE1416 Ref C: 2020-06-17T01:28:04Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1592357284421&cv=9&fst=1592357284421&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4016d000406949fa22d329309e9bc7f9c1de6592ef299526ca1929272f2fd9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1064
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1592357284423&cv=9&fst=1592357284423&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0605bd4842ebf600215f283776428cbe1f2c94101ec530c09ad70944abd08fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1063
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1592357284424&cv=9&fst=1592357284424&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61bef7732873da265125c3ee9bc20896200607ecc4cb53509182ddc455e26bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1063
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1592357284424&cv=9&fst=1592357284424&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
107 B

19ms
19ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=876329788&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCpU64CMxeAmPZbIx7t4f7k86l87uORJipMx4j3quNfjHp6mwG_BPPtiK0UdnY8YywBVcBSgjbg-yH99qn_-NO3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=876329788&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCpU64CMxeAmPZbIx7t4f7k86l87uORJipMx4j3quNfjHp6mwG_BPPtiK0UdnY8YywBVcBSgjbg-yH99qn_-NO3
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1592357284425&cv=9&fst=1592357284425&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29db52d13eac56c4ca5e52363c666e7bba8a0703efdf1dd249cdbdca3ef25204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1064
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1592357284426&cv=9&fst=1592357284426&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d211c64bc08659fe37fb5584c228a0e7aee0179c4a48cc795b87a04fb4f5f062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1063
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1592357284427&cv=9&fst=1592357284427&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b5274faa1c662206b2e3aa8a9b33ea51aa8143267a4cd9f9de6a63648cadc53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1062
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1592357284426&cv=9&fst=1592357284426&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
107 B

29ms
29ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=3910084509&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCLKMlIrd5lupP482Uwyf_9pK3DYj5mDbSFz5qr_EKpQaC06HcsxCed0rCiK5Bm_JTwEDxWf9WAwV_YJeNFkV_p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1592357284426&cv=9&fst=1592355600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&is_vtc=1&random=3910084509&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCLKMlIrd5lupP482Uwyf_9pK3DYj5mDbSFz5qr_EKpQaC06HcsxCed0rCiK5Bm_JTwEDxWf9WAwV_YJeNFkV_p
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 2 KB
1 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1592357284428&cv=9&fst=1592357284428&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4941ded27e25351a5e1d616064accf95be6f850a8178a65be811a4a662b82a33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1064
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 2 KB
1 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1592357284429&cv=9&fst=1592357284429&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0354c6dccc5fa6e81cc9d02ef4f9cfd4816361e7b17bef51c83fb70e377d3381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1061
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up
insight.adsrvr.org/track/ Frame B3B0 0
0 210ms
70ms Document
text/html 52.48.230.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.230.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=46799e24-7838-4d2b-931f-7d2e146a7b2c; TDCPM=CAEYBSABKAIyCwj0m6qNjZrJOBAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php

Response headers

status: 200
date: Wed, 17 Jun 2020 01:28:04 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
107 B 29ms
27ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1592357284423&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=2632439615&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
107 B 22ms
20ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1592357284423&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=2632439615&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
107 B 61ms
59ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=678856423&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
107 B 22ms
21ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1592357284424&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=678856423&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
107 B 24ms
24ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1592357284421&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=1898995350&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
107 B 24ms
20ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1592357284421&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=1898995350&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
107 B 60ms
57ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1592357284425&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=595828603&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
107 B 25ms
22ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1592357284425&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=595828603&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
107 B 59ms
57ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1592357284426&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=1210903105&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
107 B 25ms
23ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1592357284426&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=1210903105&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/677332377/ 42 B
107 B 56ms
55ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/677332377/?random=1592357284429&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=796767553&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/677332377/ 42 B
107 B 23ms
22ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/677332377/?random=1592357284429&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=796767553&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/677332377/ 42 B
107 B 58ms
58ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/677332377/?random=1592357284428&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=3234894700&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/677332377/ 42 B
107 B 21ms
20ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/677332377/?random=1592357284428&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=3234894700&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
107 B 57ms
57ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1592357284427&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=2123539463&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
107 B 20ms
20ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1592357284427&cv=9&fst=1592355600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa640&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2Fb534a614fb3a662399ed81bb24a7af2b%2Fgrp.php&tiba=Sign%20On%20to%20view%20your%20account&async=1&fmt=3&is_vtc=1&random=2123539463&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 58ms
58ms Script
application/javascript 151.101.113.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:28:04 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: MISS, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-hhn4064-HHN
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357285.586052,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 0, 461111

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 215ms
147ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTU5MjM1NzI4NDYxOSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDIsInVzZXJfaWQiOiAiMTcyYmZlM2ViMDk4OTYtMDdjMTcwZDcwNGI5YTUtMWIzOTYyNTYtMWQ0YzAwLTE3MmJmZTNlYjBhNjYzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vdHctZWMuY29tL2xvZ2luL2NpdGkvYjUzNGE2MTRmYjNhNjYyMzk5ZWQ4MWJiMjRhN2FmMmIvZ3JwLnBocCIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiZjNmNC04YjgxLTUwMjktNzEzYi01ZDBlLTBmN2ItYzI1Zi0zZDNmIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE1OTIzNTcyODQ1NTYiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNzI1LCJrYW1weWxlX3ZlcnNpb24iOiAiMC4wLjAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTU5MjM1NzI4NDU1OSwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-clsd
date: Wed, 17 Jun 2020 01:28:04 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
status: 200
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=24d9f551-6eac-4896-ba1d-84c778b59461&chk=true&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&iid=24b3e5c4-201f-4b61-9067-1407275900de
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=24b3e5c4-201f-4b61-9067-1407275900de&mt=&bd=

42 B
128 B

136ms
136ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=24b3e5c4-201f-4b61-9067-1407275900de&mt=&bd=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/b534a614fb3a662399ed81bb24a7af2b/grp.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 06ee1bba5dce8533d77cf754d2701c78
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:28:04 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=24d9f551-6eac-4896-ba1d-84c778b59461&_segid=99&_zip=&hk=&iid=24b3e5c4-201f-4b61-9067-1407275900de&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

152 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-19 19:40:53	Name: rud Value: H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bWQ4gWqMTI2NTeyMDYzNQMA1YiqiTQAAAA
tw-ec.com/	1970-01-20 03:50:29	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C18431%7CMCMID%7C73656859608955906662286837777057179461%7CMCAAMLH-1592962083%7C6%7CMCAAMB-1592962083%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1592364483s%7CNONE%7CMCAID%7C2F74B8D18515E322-6000079F1D99555B%7CMCSYNCSOP%7C411-18438%7CvVersion%7C3.1.2
tw-ec.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.demdex.net/	1970-01-19 14:38:29	Name: demdex Value: 80422220942043567771594240106791034598
tw-ec.com/	1970-01-19 10:19:19	Name: 7830 Value: error
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjI0tbQwMrcwN7C0NDcwMzG0NBDiM9Q1TSkzKq00y_Ir0bUAAKpRlbwlAAAA
tw-ec.com/	1970-01-19 10:19:19	Name: 7018 Value:
.tw-ec.com/	1970-01-19 12:28:53	Name: _gcl_au Value: 1.1.1721380771.1592357283

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js(Line 13) Message: Cooladata error: 'cooladata' object not initialized. Ensure you are using the latest version of the Cooladata JS Library along with the snippet we provide.
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 294) Message: addMbox_tnt_cards value is false
console-api	log	URL: https://online.citi.com/TMX/TMXProfiling.js(Line 4) Message: start tmxProfiling.js

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
6269322.fls.doubleclick.net
a.rfihub.com
aa.agkn.com
bat.bing.com
c1.rfihub.net
cdn.pbbl.co
citi.demdex.net
cm.everesttech.net
cse.google.com
dpm.demdex.net
googleads.g.doubleclick.net
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
s.ytimg.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
tw-ec.com
udc-neb.kampyle.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
104.111.245.241
104.111.247.111
108.128.143.12
13.226.145.171
13.226.154.106
15.236.175.233
151.101.113.175
151.101.14.133
172.217.16.194
172.217.18.6
18.197.253.20
185.31.128.129
193.0.160.129
23.43.114.84
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:816::200e
2a00:1450:4001:818::2003
2a00:1450:4001:819::2004
2a00:1450:4001:81e::2013
2a00:1450:4001:820::200e
2a00:1450:4001:824::2008
35.241.45.82
35.241.8.149
52.28.175.104
52.48.230.192
63.32.201.208
66.113.180.84
66.117.28.86
92.123.176.136
0354c6dccc5fa6e81cc9d02ef4f9cfd4816361e7b17bef51c83fb70e377d3381
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7
098ec96d97335494e2b165640ea36d1f73a1f98fb259f6bfcd06ba693d7af699
0b5274faa1c662206b2e3aa8a9b33ea51aa8143267a4cd9f9de6a63648cadc53
0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5
157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa
1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24
29db52d13eac56c4ca5e52363c666e7bba8a0703efdf1dd249cdbdca3ef25204
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc
3a2bbed1c8778501b9333e5fd55f47377f21f39033a38d9e6e19b9232f1e5f01
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4016d000406949fa22d329309e9bc7f9c1de6592ef299526ca1929272f2fd9bb
429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6
4941ded27e25351a5e1d616064accf95be6f850a8178a65be811a4a662b82a33
4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0
6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e
61bef7732873da265125c3ee9bc20896200607ecc4cb53509182ddc455e26bdc
629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38
6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a
64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4
6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4
6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b
7193aaa6c7aba8445518029290502b3e67895255039ea4a36df05ca3faa52308
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
799b3441638d39c44c00a199ecd3dec31d13b4e4103839b6f321f72ce5c1e7f7
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
8252e3d4ad1c50b9d381f1ef45d1ef1e573ddc245639fa10fcdcf62283db273c
85d88e53141e598add1bec9028b26983e49ccdabe1c8c62acb4cc3d9a74c42ae
8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701
8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e
98e511ee757b9f209813cf195f4c7dada491a008da27cc37a19917949734d62f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2
a523f76ea49078b87f5e1da8e51505d8b8ed37ca76c02c57a49b7208d900b1a7
a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156
b1182f544cec197caf3fac8c212bb09e891899acb3a79ac4a016843b9c63bce8
b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe
b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a
bda53c75c8aad226e448d24a855c7f0d6ab03f9bb5f0dcbe23de28eac2306520
c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31
c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61
c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416
d211c64bc08659fe37fb5584c228a0e7aee0179c4a48cc795b87a04fb4f5f062
d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c
d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130
dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d
e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11
e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0605bd4842ebf600215f283776428cbe1f2c94101ec530c09ad70944abd08fa
f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b
f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f
fea31b925e08f792faec014611a6e2567fd23eb56549e03605d10f5ecc91c948

tw-ec.com Open in urlscan Pro 66.113.180.84 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

104 Requests

100 %HTTPS

29 %IPv6

23 Domains

31 Subdomains

29 IPs

6 Countries

1090 kBTransfer

3603 kBSize

8 Cookies

10 Outgoing links

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

100 %
HTTPS

29 %
IPv6

23
Domains

31
Subdomains

29
IPs

6
Countries

1090 kB
Transfer

3603 kB
Size

8
Cookies

104 HTTP transactions
0 data transactions